Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/ejabberd/patches/001-no-sslv3.patch
author Norm Jacobs <Norm.Jacobs@Oracle.COM>
Thu, 09 Jul 2015 13:47:36 -0700
changeset 4613 9c99af0be85c
permissions -rw-r--r--
20231112 problem in SERVICE/EJABBERD

#
# disable SSLv3 support as it is not entirely secure.
#
--- ejabberd-2.1.13/src/tls/tls_drv.c.orig	Thu Jul  9 11:46:50 2015
+++ ejabberd-2.1.13/src/tls/tls_drv.c	Thu Jul  9 11:52:03 2015
@@ -44,7 +44,7 @@
 #define SSL_OP_NO_TICKET 0
 #endif
 
-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
+#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!SSLv3"
 
 /*
  * R15B changed several driver callbacks to use ErlDrvSizeT and
@@ -440,7 +440,7 @@
 	    res = SSL_CTX_check_private_key(ctx);
 	    die_unless(res > 0, "SSL_CTX_check_private_key failed");
 
-	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
+	    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
 
 	    SSL_CTX_set_cipher_list(ctx, CIPHERS);
upstream/oracle/userland-gate